creating-mcp-servers
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The content is not overtly malicious but contains multiple high-risk insecure patterns—curl|sh remote install instructions (supply-chain risk), subprocess.run execution of arbitrary local scripts (RCE/backdoor potential), unsafely-built SQL executed via f-strings (SQL injection / data exfiltration risk), and broad bundle/include behaviors that could leak secrets—so it poses a high security risk if used with untrusted inputs or environments.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's Documentation Retrieval Workflow and references/LLMS_TXT.md explicitly instruct the agent to use web_fetch on public FastMCP URLs (e.g., https://gofastmcp.com/...), meaning the agent will fetch and parse open third‑party web content as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). This skill explicitly instructs runtime fetching via web_fetch of FastMCP documentation from https://gofastmcp.com (e.g., https://gofastmcp.com/servers/auth/authentication.md), and those fetched docs are used to determine prompts/instructions and implementation patterns, making the external URL a required runtime source that directly controls agent behavior.